Vulnerability in windows server 2008 R2

Hi,

We are from a secured project, a disconnected environment with no internet access. During this quarter's vulnerability scan we found 2 vulnerabilities.

1. Vulnerability in SSL 3.0 could allow information disclosure (POODLE)

Workaround done: SSL 2.0 and SSL 3.0 are disabled and TLS 1.0, 1.1, 1.2 have been enabled through group policy.

In the registry: created a DWORD (Enabled) and set it to 0 for SSL 2.0 and SSL 3.0 (both client and server).

Created a DWORD (Enabled) and set the value to 1 for TLS 1.0, 1.1, 1.2 (both client and server).

2. Improperly issued digital certificates could allow spoofing

Installed KB2813430; tried to install KB2677070 (error: not applicable).

Tried installing rvkroots; it shows no sign of installation.

Scan report says: "The remote host has KB2677070 or KB2813430, but the disallowed CTL has not been updated."

Kindly help us in fixing the issue at the earliest.

Regards,

Shan Madhuran


December 29th, 2014 2:36pm

Hi Shan,

The first vulnerability would be solved by disabling SSL 2.0 and 3.0.

Here is a similar thread below:

RRAS, SSTP and POODLE Vulnerability

https://social.technet.microsoft.com/Forums/en-US/781eb772-0c0a-46cd-8f68-4d74edd4635f/rras-sstp-and-poodle-vulnerability?forum=winservergen

Regarding the second one, please enable auto updates for disallowed CTLs by setting the following registry key to 1:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot\EnableDisallowedCertAutoUpdate

More information for you:

An update is available that enables administrators to update trusted and disallowed CTLs in disconnected environments in Windows

http://support.microsoft.com/kb/2813430

Best Regards,

Amy

December 30th, 2014 12:06pm
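The two remediations discussed in this thread (turning SSL 2.0/3.0 off and TLS 1.0/1.1/1.2 on in SCHANNEL, and enabling the disallowed CTL auto update from KB2677070/KB2813430), collected into one script. This is an added example, not code from the thread or from Microsoft. It also adds a verification step: reading back the SCHANNEL values and the cached disallowed CTL sync time under HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate, which is where Windows stores the downloaded CTL; the value names there and the file-share name used for the disconnected case (\\fileserver\ctl) are assumptions to confirm on your own hosts.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell on
# Windows Server 2008 R2; SCHANNEL changes take effect only after a reboot.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Set-SchannelProtocol {
    param([string]$Name, [bool]$Enable)
    foreach ($side in 'Client', 'Server') {
        $key = Join-Path $schannel "$Name\$side"
        New-Item -Path $key -Force | Out-Null
        # Enabled=0 plus DisabledByDefault=1 turns the protocol off for this side;
        # Enabled=1 plus DisabledByDefault=0 turns it on. Set both so there is no
        # ambiguity between "policy says off" and "default applies".
        New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord `
            -Value ([int]$Enable) -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -PropertyType DWord `
            -Value ([int](-not $Enable)) -Force | Out-Null
    }
}

# 1. POODLE: disable SSL 2.0 and SSL 3.0, enable TLS 1.0/1.1/1.2 (client and server)
foreach ($p in 'SSL 2.0', 'SSL 3.0')            { Set-SchannelProtocol -Name $p -Enable $false }
foreach ($p in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') { Set-SchannelProtocol -Name $p -Enable $true }

# 2. Disallowed CTL auto update (KB2677070 / KB2813430): make sure it is not opted out
$authRootPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
New-Item -Path $authRootPolicy -Force | Out-Null
New-ItemProperty -Path $authRootPolicy -Name 'EnableDisallowedCertAutoUpdate' `
    -PropertyType DWord -Value 1 -Force | Out-Null

# Disconnected environment: on an Internet-connected machine with KB2813430, run
#   certutil -syncWithWU \\fileserver\ctl      # share name is an assumption
# to fetch authrootstl.cab / disallowedcertstl.cab, then point isolated hosts at
# that share instead of Windows Update (uncomment to apply):
# New-ItemProperty -Path $authRootPolicy -Name 'RootDirUrl' -PropertyType String `
#     -Value 'file://\\fileserver\ctl' -Force | Out-Null

# Verification: the cached disallowed CTL and when it was last synced.
# Value names here are assumed from the AutoUpdate cache layout; confirm on the host.
$cache = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate'
$props = Get-ItemProperty -Path $cache -ErrorAction SilentlyContinue
if ($props -and $props.DisallowedCertLastSyncTime) {
    # REG_BINARY FILETIME (8 bytes, little-endian)
    $ft = [BitConverter]::ToInt64($props.DisallowedCertLastSyncTime, 0)
    'Disallowed CTL last synced: {0:u}' -f [DateTime]::FromFileTimeUtc($ft)
} else {
    'No cached disallowed CTL found: the CTL download has not happened yet.'
}

# Verification: read back the SCHANNEL state that will apply after reboot
foreach ($p in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    foreach ($side in 'Client', 'Server') {
        $v = Get-ItemProperty -Path (Join-Path $schannel "$p\$side")
        '{0,-8} {1,-6} Enabled={2} DisabledByDefault={3}' -f $p, $side, $v.Enabled, $v.DisabledByDefault
    }
}
```

Two practical caveats: the scanner tests the live listener, so rescan only after the reboot that activates the SCHANNEL keys; and a CTL check like the one quoted in the thread is satisfied by the cached CTL being present and recent, so if the sync time above is empty or old, the download (or the file-share sync in the disconnected case) is what still needs fixing, not the policy key.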

Hi Amy Wang,

Thanks for your reply. For POODLE I have already disabled SSL 2.0 and SSL 3.0 and enabled TLS 1.0, TLS 1.1 and TLS 1.2 through group policy.

Created a DWORD DisabledByDefault and set the value to 1 for SSL 2.0 and SSL 3.0, and created a DWORD Enabled and set the value to 1 for TLS 1.0, TLS 1.1 and TLS 1.2.

For "Improperly issued digital certificates could allow spoofing": installed KB2813430 and created a DWORD EnableDisallowedCertAutoUpdate with the value 1 under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot.

After a Nessus scan the vulnerability still persists.

Kindly advise on this!

Regards,

Shan Madhuran

January 7th, 2015 10:29am

Hi Shan,

Please make sure that the machine is able to connect to the Internet so that it can download the CTLs.

In addition, since it is a third-party scan, please also contact their support to get more insight into the issue.

Best Regards,

Amy 

January 14th, 2015 8:42am

Hi Amy,

Thanks for your reply. We have already enabled internet access and downloaded the corresponding updates suggested by Microsoft up to 27th Dec 2014, but the vulnerability still persists. And the third-party scan team is insisting that we contact Microsoft support for this.

Regards,

Shan Madhuran

January 14th, 2015 12:07pm

Hi Shan,

Since the CTLs were downloaded successfully, you can safely ignore the scan message.

Best Regards,

Amy

January 19th, 2015 12:13pm

Hi Amy,

For the spoofing vulnerability I will check with the vulnerability scan team. For the POODLE vulnerability I have done all the remediation suggested by Microsoft and have shared the workaround done with you. My query is whether I am missing anything in the POODLE remediation. Could you please guide me on this?

Regards,

Shan Madhuran

February 6th, 2015 12:22pm

Hi Shan,

I don't think that you are missing anything.

Just keep the machines fully updated.

Best Regards,

Amy

February 7th, 2015 10:02am

Hi Amy,

Thanks for your prominent support to my query. I have installed all the updates related to Windows 7 on the machine; even then, after the scan, the vulnerability still persists.

Regards,

Shan Madhuran

February 9th, 2015 3:50am
